IDA Pro变量（Variables）

 　There are two kinds of variables in IDC:

 -local variables:they are created at the function entry

 and destroyed at the exit

 -global variables:they are created at the compilation time

 and destroyed when the database is closed

 A variable can contain:

 -LONG:a 32-bit signed long integer(64-bit in 64-bit version of IDA)

 -INT64:a 64-bit signed long integer

 -STR:a character string

 -FLOAT:a floating point number(extra precision,up to 25 decimal digits)

 -OBJECT:an object with attributes and methods

 (a concept very close to C++class)more

 -REF:a reference to another variable

 -FUNC:a function reference

 A local variable is declared this way:

 auto var1;

 auto var2=;

 Global variables are declared like this:

 extern var;

 Global variables can be redefined many times.IDA will silently ignore subsequent declarations.Please note that global variables cannot be initialized at the declaration time.

 All C and C++keywords are reserved and cannot be used as a variable name.

 While it is possible to declare a variable anywhere in the function body,all variables are initialized at the function entry and all of them are destroyed only at the exit.So,a variable declared in a loop body will not be reinitialized at each loop iteration,unless explicitly specified with an assignment operator.

 If a variable or function name cannot be recognized,IDA tries to resolve them using the names from the disassembled application.In it succeeds,the name is replaced by its value in the disassembly listing.For example:

 .data:00413060 errtable dd 1;oscode

 .data:00413060 dd 16h;errnocode

 msg("address is:%x\n",_errtable);

 will print 413060.If the label denotes a structure,it is possible to refer to its fields:

 msg("address is:%x\n",_errtable.errnocode);

 will print 413064.Please note that IDA does not try to read the data but just returns the address of the structure field.The field address can also be calculated using the get_field_ea function.

 NOTE:The processor register names can be used in the IDC scripts when the debugger is active.Reading from such a variable return the corresponding register value.Writing to such a variable modifies the register value in the debugged process.Such variables are accessible only when the application is in the suspended mode.

 NOTE:another way to emulate global scope variables is to use array functions and create global persistent arrays.

 中文翻译如下：

 DC中有两种变量：

 ●局部变量：它们在函数入口处创建，在函数退出时销毁

 ●全局变量：它们在编译时创建，在数据库关闭时销毁

 ●变量可以包含以下内容：LONG：32位有符号长整型（64位版本的IDA中为64位）

 ●INT64：64位有符号长整型

 ●STR：字符字符串

 ●FLOAT：浮点数（额外精度，最多25个小数位）

 ●OBJECT：具有属性和方法的对象（概念非常接近于C++类）更多信息

 ●REF：对另一个变量的引用

 ●FUNC：函数引用

 局部变量的声明方式为：

 auto var1;

 auto var2=;

 全局变量声明方式为：

 extern var;

 全局变量可以重复定义多次，IDA会自动忽略后续的声明。请注意，全局变量不能在声明时初始化。

 所有C和C++关键字都是保留的，不能用作变量名。

 尽管可以在函数体的任何位置声明变量，但所有变量都在函数入口初始化，并且只有在函数退出时才会销毁它们。因此，在循环体中声明的变量不会在每次循环迭代中重新初始化，除非使用赋值运算符明确指定。

 如果无法识别变量或函数名称，IDA会尝试使用反汇编应用程序中的名称进行解析。如果成功，名称将替换为其在反汇编列表中的值。例如：

 .data:00413060 errtable dd 1;oscode

 .data:00413060 dd 16h;errnocode

 msg("address is:%x\n",_errtable);

 将打印413060。如果标签表示结构，则可以引用其字段：

 msg("address is:%x\n",_errtable.errnocode);

 将打印413064。请注意，IDA不尝试读取数据，只是返回结构字段的地址。可以使用get_field_ea函数计算字段地址。

 注意：当调试器处于活动状态时，可以在IDC脚本中使用处理器寄存器名称。从这样的变量读取返回相应的寄存器值。将值写入这样的变量将修改调试过程中的寄存器值。这些变量仅在应用程序处于暂停模式时可访问。

 注意：模拟全局作用域变量的另一种方法是使用数组函数并创建全局持久性数组。